Friday, June 18, 2010

DRM: Product/CD Keys


I remember the first time I ever saw a CD key. It was on the original StarCraft. I remember wondering why you needed it. Oh, how young and naive I was back then.

CD keys or product keys were one of the very first methods of DRM used. They were quickly adopted by game companies and are still used today. They work by having a unique set of characters and/or numbers for each product sold. This key, upon installation, was used to validate a game copy's legality.

At first, this validation process was just an algorithm. This algorithm checked a set of rules against the key. If it met all the rules then the copy was recognized as legit and installation would continue. If it failed this rule check, the copy was viewed as illegal and the installation would fail.

The problem with this approach, is that it's very easy for pirates and hackers to discover this algorithm. Once discovered it's another short step to create an algorithm that will spit out "legit" keys. This is called a key gen and, even today, you can still find them for many games.

With the spread of the internet a new method of authenticating keys came about. Instead of checking the key with an algorithm, the key is instead checked against a database online. This database holds every key ever created for a product. A lot of the time these keys still use an algorithm for their creation and still follow a set of rules. The difference is that legit keys not only have to pass this algorithm, but they also have to be in the database.

This database makes it harder for pirates and hackers to install their illegal copy, but not impossible. In a case like this, pirates usually avoid using keys altogether. Instead of having it check a key you just trick the program installer into believing it did the check or, better yet, remove the check altogether.

So, why are product keys still in use today? Well, they stop just anyone from stealing the game. Everyone can install a program, but not everyone can create a key gen.

Why are so many other DRM solutions shunned, yet product keys aren't even blinked at? It's because product keys are unobtrusive. The user generally deals with them only once, at installation time. After that point the user is never bugged again.

Lastly, why aren't product keys the be-all end-all for DRM? Because they're laughably hackable, nothing more than an annoying gnat. They're there to stop the every day Joe and Jane from stealing the game, but will be quickly swatted aside by any hacker.

1 comment:

Note: Only a member of this blog may post a comment.